32 Commits

Author SHA1 Message Date
Jaakko Heinonen
6ca7812a19 In _gettemp(), check that the length of the path doesn't exceed
MAXPATHLEN. Otherwise the path name (or part of it) may not fit to
carrybuf causing a buffer overflow.

PR:		bin/140228
Suggested by:	jilles
2010-02-28 13:31:29 +00:00
John Baldwin
e68d07ff16 Fix a few bugs with the _gettemp() routine which implements mkstemp(),
mkstemps(), and mkdtemp().
- Add proper range checking for the 'slen' parameter passed to mkstemps().
- Try all possible permutations of a template if a collision is encountered.
  Previously, once a single template character reached 'z', it would not wrap
  around to '0' and keep going until it encountered the original starting
  letter.  In the edge case that the randomly generated starting name used
  all 'z' characters, only that single name would be tried before giving up.

PR:		standards/66531
Submitted by:	Jim Luther
Obtained from:	Apple
MFC after:	1 week
2008-07-28 21:18:59 +00:00
Andrey A. Chernov
bc8541b1d1 Use arc4random_uniform(3) since modulo size is not power of 2 2008-07-22 15:08:50 +00:00
Warner Losh
c879ae3536 Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.
2007-01-09 00:28:16 +00:00
Jacques Vidrine
e0554a531f Eliminate 61 warnings emitted at WARNS=2 (leaving 53 to go).
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.

Reviewed by:	/sbin/md5
2003-02-16 17:29:11 +00:00
Robert Drehmel
6e818f06aa Correct a check for NUL.
Spotted by: bde
2002-05-27 19:27:43 +00:00
Robert Drehmel
fb08c0489d - Move the loop conditional into the "for" header.
- Remove redundant "? :" construct.
style(9):
 - Place a space after return statements.
 - Compare pointers to NULL.
 - Do not use ! to compare a character to nul.
2002-05-27 11:01:30 +00:00
Robert Drehmel
ccccc4e1c3 Avoid wandering over the beginning of the actual buffer
if the passed template string contains only 'X' characters.

Submitted by:	Mark Andrews <marka@isc.org> (patch modified)
PR:		38402
2002-05-23 14:21:02 +00:00
David E. O'Brien
333fc21e3c Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.
2002-03-22 21:53:29 +00:00
David E. O'Brien
c05ac53b8b Remove __P() usage. 2002-03-21 22:49:10 +00:00
David E. O'Brien
8fb3f3f682 Remove 'register' keyword. 2002-03-21 18:49:23 +00:00
Daniel Eischen
d201fe46e3 Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions.  If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
	__sys_foo - actual system call
	_foo - weak definition to __sys_foo
	foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo.  In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde).  All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes.  <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h  namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE.  We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by:	-arch
2001-01-24 13:01:12 +00:00
Kris Kennaway
f1303ab4b2 Increase the size of the mktemp() filename space by dropping the PID from
the encoding and using the character set [a-zA-Z0-9]. This gives a total
of 62^6 = 56800235584 possible temporary filenames for the usual default
invocation of 6 X's (compared to as few as 52 possibilities for the
previous algorithm where up to 5 characters were wasted by the PID).

Update some apparently bitrotten comments to reflect reality.

Audited by:	eivind, freebsd-audit
Reviewed by:	freebsd-current (a while ago)
Originally submitted by:	Peter Jeremy <Peter.Jeremy@alcatel.com.au>
2000-11-10 23:27:55 +00:00
Jason Evans
9233c4d942 Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo().  In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate.  In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by:	deischen
2000-01-27 23:07:25 +00:00
Jason Evans
929273386f Add three-tier symbol naming in support of POSIX thread cancellation
points.  For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep().  The arrows represent weak aliases.  For
system calls, the pattern is _read() <-- _libc_read() <-- read().
2000-01-12 09:23:48 +00:00
Peter Wemm
5f02be00bc While comparing this with OpenBSD (ie: trying to figure out what mkstemps()
is good for... :-)), I discovered that part of the change when mkstemps()
was brought in was missed - it was missing the termination case to make
sure it doesn't walk into the suffix.  This isn't the same code OpenBSD
has, I think this is a little better as we terminate the loop in a better
spot.
1999-12-11 14:48:24 +00:00
Andrey A. Chernov
bac6a61c15 Add unsigned char cast to isdigit 1999-11-04 04:57:05 +00:00
Andrey A. Chernov
5eb8ccf583 Remove UNSAFE_WARN ifdef for mktemp warning (never defined)
Use _mktemp internally
1999-10-24 11:57:24 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Warner Losh
06b6a8ab98 Add mkstemps from OpenBSD. This has been in my tree for months and
hasn't caused any problems until the egcs import.  This fix breaks the
world build, but my very next commit will remove mkstemps from the
egcs build.
1999-04-04 20:28:04 +00:00
Peter Wemm
ed1bbda829 Revert last change. mkstemp() wasn't to blame, it's nvi. However,
mkstemp() is not behaving as documented.
1998-10-20 15:33:21 +00:00
Peter Wemm
eb356f9af0 Stop mk*temp() from being pathologically stupid in the face of a umask(0);
There are other ways to fix this than wrapping _gettemp(), but this was
the most convenient.

Discovered by: bde
1998-10-20 12:36:36 +00:00
Peter Wemm
4fea76f539 Fix a nasty flaw as a result of using the arc4random() pre-seeding of
leading XXX's.  It could wrap an uppercase character through chars
like:  [ \ ] ^ _ `  in between Z and a.  The backslash and back tick
might be particularly nasty in a shell script context.  Also, since
we've been using upper-case generated values for a while now, go with
the flow and use them in the pathname search rotation.
1998-04-14 07:25:05 +00:00
Bruce Evans
87ad126763 Fixed uninitialized pointer in previous commit. mktemp() was broken.
I noticed cvs core dumps and uncleaned cvs temporary files in /tmp.

Fixed ANSIisms.
1998-03-03 14:38:36 +00:00
Warner Losh
2f253e75c8 Many security improvements from OpenBSD:
implement mkdtemp
	improve man page for mk*temp
	use arc4random to seed extra XXX's randomly
	Optionally warn of unsafe mktemp uses
From various commits by theo de raadt and Todd Miller.
Obtained from: OpenBSD

This should go into 2.2 after a testing period.
1998-02-13 02:13:24 +00:00
Guido van Rooij
0fb28c0973 Fix race
Obtained from: Keith Bostic
1997-04-07 18:01:10 +00:00
Peter Wemm
7e546392b5 Revert $FreeBSD$ to $Id$ 1997-02-22 15:12:41 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
James Raynard
ce51cf0392 Suggested by: Bruce Evans, Jeffrey Hsu, Gary Palmer
Added $Id$'s to files that were lacking them (gpalmer), made some
cosmetic changes to conform to style guidelines (bde) and checked
against NetBSD and Lite2 to remove unnecessary divergences (hsu, bde)

One last code cleanup:-

Removed spurious casts in fseek.c and stdio.c.
Added missing function argument in fwalk.c.
Added missing header include in flags.c and rget.c.
Put in casts where int's were being passed as size_t's.
Put in missing prototypes for static functions.
Changed second args of __sflags() inflags.c and writehook() in vasprintf.c
from char * to const char * to conform to prototypes.

This directory now compiles with no warnings with -Wall under
gcc-2.6.3 and with considerably less warnings than before with the
ultra-pedantic script I used for testing. (Most of the remaining ones
are due to const poisoning).
1996-06-22 10:34:15 +00:00
James Raynard
b83100194d Code cleanup:-
The usual stuff, adding missing function prototypes, argument types,
return values, etc. In mktemp.c, convert pid from u_int to pid_t, and
get rid of "extern int errno".
1996-06-12 22:58:21 +00:00
Poul-Henning Kamp
c0d41487f2 Minor cleanup, #include's and unused vars.
Added compile-time warning to an old funky function.
1995-10-22 14:52:30 +00:00
Rodney W. Grimes
58f0484fa2 BSD 4.4 Lite Lib Sources 1994-05-27 05:00:24 +00:00